Peter Maydell [Thu, 19 Oct 2017 17:42:51 +0000 (18:42 +0100)]
Merge remote-tracking branch 'remotes/mcayland/tags/qemu-sparc-signed' into staging
qemu-sparc update
# gpg: Signature made Thu 19 Oct 2017 07:50:16 BST
# gpg: using RSA key 0x5BC2C56FAE0F321F
# gpg: Good signature from "Mark Cave-Ayland <[email protected]>"
# Primary key fingerprint: CC62 1AB9 8E82 200D 915C C9C4 5BC2 C56F AE0F 321F
* remotes/mcayland/tags/qemu-sparc-signed:
sun4u: fix assert when adding NICs which aren't the in-built model
sun4u: update PCI topology to include simba PCI bridges
build: automatically handle GIT submodule checkout for dtc
On my system, I see the following with a fresh clone:
% ./configure --disable-gtk --target-list=aarch64-softmmu
% make -j8
GEN aarch64-softmmu/config-devices.mak.tmp
GEN config-host.h
mkdir -p dtc/libfdt
GIT ui/keycodemapdb dtc
mkdir -p dtc/tests
GEN qemu-options.def
[snip]
GEN migration/trace.h
make: *** [git-submodule-update] Error 1
make: *** Waiting for unfinished jobs....
Upon closer inspection, the root cause of the error is:
% git submodule update --init ui/keycodemapdb dtc
fatal: destination path 'dtc' already exists and is not an empty directory.
Clone of 'git://git.qemu-project.org/dtc.git' into submodule path 'dtc' failed
This patch fixes this race condition by forcing the 'dtc/%' rule which caused
'dtc' to be non-empty to wait on '.git-submodule-status'.
* remotes/bonzini/tags/for-upstream: (29 commits)
scsi: reject configurations with logical block size > physical block size
qdev: defer DEVICE_DEL event until instance_finalize()
Revert "qdev: Free QemuOpts when the QOM path goes away"
qdev: store DeviceState's canonical path to use when unparenting
qemu-pr-helper: use new libmultipath API
watch_mem_write: implement 8-byte accesses
notdirty_mem_write: implement 8-byte accesses
memory: reuse section_from_flat_range()
kvm: simplify kvm_align_section()
kvm: region_add and region_del is not called on updates
kvm: fix error message when failing to unregister slot
kvm: tolerate non-existing slot for log_start/log_stop/log_sync
kvm: fix alignment of ram address
memory: call log_start after region_add
target/i386: trap on instructions longer than >15 bytes
target/i386: introduce x86_ld*_code
tco: add trace events
docs/devel/loads-stores.rst: Document our various load and store APIs
nios2: define tcg_env
build: remove CONFIG_LIBDECNUMBER
...
* remotes/kraxel/tags/opengl-20171017-pull-request:
egl-headless: add dmabuf support
egl-helpers: add egl_texture_blit and egl_texture_blend
egl-helpers: add dmabuf import support
opengl: add flipping vertex shader
opengl: move shader init from console-gl.c to shader.c
console: add support for dmabufs
Gerd Hoffmann [Thu, 19 Oct 2017 07:46:29 +0000 (09:46 +0200)]
seabios: update to 1.11 prerelease
This is the seabios update for qemu 2.11. Well, almost, seabios is in
freeze for the upcoming 1.11 release. This updates seabios to current
git master snapshot, and it will be updated again to 1.11 final before
the 2.11 release.
With this two-step approach seabios gets some wider testing before the actual
release, and the update to 1.11 final (which will most likely happen
after qemu freeze) should have bugfix patches only.
git shortlog
============
Aleksandr Bezzubikov (3):
pci: refactor pci_find_capability to get bdf as the first argument instead of the whole pci_device
pci: add QEMU-specific PCI capability structure
pci: enable RedHat PCI bridges to reserve additional resources on PCI init
Ben Warren (5):
QEMU DMA: Add DMA write capability
romfile-loader: Switch to using named structs
QEMU fw_cfg: Add command to write back address of file
QEMU fw_cfg: Add functions for accessing files by key
QEMU fw_cfg: Write fw_cfg back on S3 resume
Daniel Verkamp (5):
nvme: support NVMe 1.0 controllers
nvme: extend command timeout to 5 seconds
nvme: fix reversed loop condition in cmd_readwrite
nvme: fix extraction of status code bits
nvme: fix copy-paste mistake in comment
Filippo Sironi (1):
nvme: Use the Maximum Queue Entries Supported (MQES) to initialize I/O queues
Gerd Hoffmann (7):
usb: add hub portmap
usb-xhci: use hub portmap
std: add cp437 to unicode map
kbd: make enqueue_key public, add ascii_to_keycode
romfile: add support for constant files.
paravirt: serial console configuration.
add serial console support
Igor Mammedov (1):
drop "etc/boot-cpus" fw_cfg file and reuse legacy QEMU_CFG_NB_CPUS
Jason Wang (1):
virtio: IOMMU support
Julian Stecklina (2):
block: add NVMe boot support
nvme: fix out of memory behavior
Julius Werner (1):
coreboot: Adapt to upstream CBMEM console changes
Kevin O'Connor (26):
usb: Make usb_time_sigatt variable static
tpm: Add comment banners to tcg.c separating major parts of spec
tpm: Don't call tpm_set_failure() from tpm12_get_capability()
tpm: Move code around in tcgbios.c to keep like code together
acpi: Generalize find_fadt() and find_tcpa_by_rsdp() into find_acpi_table()
tpm: Don't call tpm_build_and_send_cmd() from tpm20_stirrandom()
tpm: Rework tpm_build_and_send_cmd() into tpm_simple_cmd()
ps2port: Disable keyboard/mouse prior to resetting ps2 controller
docs: Note release dates for 1.10.1 and 1.10.2
resume: Don't attempt to use generic reboot mechanisms on QEMU
boot: Increase description size in boot menu
src: Minor - remove tab characters that slipped into SeaBIOS C code
NVMe: Allow NVMe to be enabled on real hardware
smm: Backup and restore A20 on an SMI based mode switch
stacks: Make sure to initialize Call16Data
stacks: Don't update the A20 settings if they haven't changed
stacks: There is no need to disable NMI if it is already disabled
vga: Fix bug in stdvga_get_linesize()
docs: Fix typos in Memory_Model.md
tcgbios: Fix use of uninitialized variable
boot: Rename drive_g to drive
disk: Don't require the 'struct drive_s' to be in the f-segment
block: Rename disk_op_s->drive_gf to drive_fl
virtio: Allocate drive_s storage in low memory
xhci: Build TRBs directly in xhci_trb_queue()
xhci: Verify the device is still present in xhci_cmd_submit()
Ladi Prosek (1):
ahci: Set upper 32-bit registers to zero
Patrick Rudolph (4):
SeaVGABios/cbvga: Advertise correct pixel format
SeaVGABIOS/vbe: Query driver for scanline pitch v2
SeaVGABios/cbvga: Use active mode to clear screen
SeaVGABios/cbvga: Advertise compatible VESA modes
Paul Menzel (1):
vgasrc: Increase debug level
Petr Berky (1):
config: Add function to check if fw_cfg exists
Ricardo Ribalda Delgado (1):
serialio: Support for mmap serial ports
Roman Kagan (11):
blockcmd: accept only disks and CD-ROMs
blockcmd: generic SCSI luns enumeration
virtio-scsi: enumerate luns with REPORT LUNS
esp-scsi: enumerate luns with REPORT LUNS
usb-uas: enumerate luns with REPORT LUNS
pvscsi: fix the comment about lun enumeration
mpt-scsi: try to enumerate luns with REPORT LUNS
lsi-scsi: reset in case of a serious problem
lsi-scsi: try to enumerate luns with REPORT LUNS
blockcmd: start REPORT_LUNS with the smallest buffer
Revert "lsi-scsi: reset in case of a serious problem"
Stefan Berger (1):
tpm: Log TPM 2 digest structure in little endian format
Youness Alaoui (1):
nvme: Enable NVMe support for non-qemu hardware
Zeh, Werner (1):
ahci: Disable Native Command Queueing
Mark Cave-Ayland [Sun, 15 Oct 2017 09:05:59 +0000 (10:05 +0100)]
sun4u: fix assert when adding NICs which aren't the in-built model
Commit 8d93297 introduced a bug whereby non-inbuilt NICs are realized before
setting the default MAC address, causing an assert. Switch NIC creation
over from pci_create_simple() to pci_create(), which works exactly the
same except for omitting the realize, as originally intended.
Mark Cave-Ayland [Sun, 11 Jun 2017 09:12:08 +0000 (10:12 +0100)]
sun4u: update PCI topology to include simba PCI bridges
This patch updates the sun4u model to being much closer to a real Ultra 5
by moving devices behind the 2 simba PCI bridges (A and B) as found on real
hardware.
The most noticeable change introduced by this patchset is that in-built devices
are no longer attached to the PCI root bus, but instead behind PCI bridge A.
Along with this the interrupt routing is updated accordingly to match the
official documentation.
Since the existing code currently bypasses the PCI bridge interrupt
swizzling, the interrupt mapping functions are reorganised so that
pci_pbm_map_irq() is used by the PCI bridges and pci_apb_map_irq() is
used by the PCI host bridge.
Behind the sabre PCI host bridge, the PCI IO space now needs to be
split into two separate halves at 0x8000000. Therefore we also setup a new
PCI IO space region of increased size on the PCI host bridge and enable
32-bit PCI IO accesses to allow IO accesses to reach devices behind PCI
bridge B correctly.
As part of this change we also combine the onboard sunhme NIC and the ebus
into a single multi-function device as done on a real Ultra 5. For other
NICs the existing behaviour is preserved, i.e. we initialise them and
place them into the next free slot on PCI bus B.
Finally we mark the physically unavailable slots (plus slot 0 in busA) as
reserved to ensure that users can't plug devices into non-existent slots
which will break interrupt routing.
Note: since this commit changes PCI topology and interrupt routing, an
updated openbios-sparc64 binary is included with this commit containing the
associated changes to maintain bisectability.
Logical block size of a SCSI disk should never be larger than
physical block size. From an ATA/SCSI perspective, it makes no sense
to have the logical block size greater than the physical block size,
and it cannot even be effectively expressed in the command set. The
whole point of adding the physical block size to the ATA/SCSI command
set was to communicate a desire for a larger block size (than logical),
while maintaining backwards compatibility with legacy 512 byte block
size.
When setting logical_block_size > physical_block_size, QEMU cannot express
it in READ CAPACITY(16) output, and all it can do is set the physical
block exponent to 0 (i.e. logical_block_size == physical_block_size).
Reporting the error properly, however, is better.
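As an added example (my code, not QEMU's), here is the check the commit describes, placed where it matters: the READ CAPACITY(16) "logical blocks per physical block exponent" field is 4 bits wide and can only express physical = logical * 2^n, so a logical size larger than the physical one has no encoding at all and is rejected up front instead of being silently reported as equal. The layout of the 32-byte parameter data is as I recall it from SBC, and the function names are mine.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not QEMU code): derive the READ CAPACITY(16)
 * "logical blocks per physical block exponent" field from the two block
 * sizes, refusing pairs the command set cannot express.  Returns the
 * exponent (0..15) or -1 on an invalid pair. */
int phys_block_exponent(uint32_t logical, uint32_t physical)
{
    if (logical == 0 || physical == 0) {
        return -1;
    }
    /* both sizes must be powers of two */
    if ((logical & (logical - 1)) || (physical & (physical - 1))) {
        return -1;
    }
    /* the case the commit now rejects: logical larger than physical */
    if (logical > physical) {
        return -1;
    }
    int exp = 0;
    while (((uint64_t)logical << exp) < physical) {
        exp++;
    }
    /* the field is only 4 bits wide */
    return exp <= 15 ? exp : -1;
}

/* Build the 32-byte READ CAPACITY(16) parameter data.  Layout used here
 * (from SBC as I recall it): bytes 0-7 last LBA (big-endian), bytes 8-11
 * logical block length, byte 13 bits 3:0 the exponent; the rest stays
 * zero.  Returns 0 on success, -1 if the sizes cannot be expressed. */
int build_read_capacity16(uint64_t last_lba, uint32_t logical,
                          uint32_t physical, uint8_t out[32])
{
    int exp = phys_block_exponent(logical, physical);
    if (exp < 0) {
        return -1;
    }
    memset(out, 0, 32);
    for (int i = 0; i < 8; i++) {
        out[i] = (uint8_t)(last_lba >> (56 - 8 * i));
    }
    for (int i = 0; i < 4; i++) {
        out[8 + i] = (uint8_t)(logical >> (24 - 8 * i));
    }
    out[13] = (uint8_t)exp;
    return 0;
}

/* Convenience accessor: the exponent as actually encoded, or -1. */
int read_capacity16_exponent(uint32_t logical, uint32_t physical)
{
    uint8_t buf[32];
    if (build_read_capacity16(0xFFFF, logical, physical, buf) < 0) {
        return -1;
    }
    return buf[13] & 0x0f;
}

int main(void)
{
    struct { uint32_t l, p; } cases[] = { {512, 512}, {512, 4096}, {4096, 512} };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        printf("logical=%u physical=%u -> exponent %d\n", cases[i].l, cases[i].p,
               phys_block_exponent(cases[i].l, cases[i].p));
    }
    return 0;
}
```

The old behaviour the message describes corresponds to returning 0 for the (4096, 512) case; the checked version makes that pair an error the device model can report when the drive is configured, before any guest sees inconsistent capacity data.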
Michael Roth [Mon, 16 Oct 2017 22:23:15 +0000 (17:23 -0500)]
qdev: defer DEVICE_DEL event until instance_finalize()
DEVICE_DEL is currently emitted when a Device is unparented, as
opposed to when it is finalized. The main design motivation for this
seems to be that after unparent()/unrealize(), the Device is no
longer visible to the guest, and thus the operation is complete
from the perspective of management.
However, there are cases where remaining host-side cleanup is also
pertinent to management. This is generally handled by treating these
resources as aspects of the "backend", which can be managed via
separate interfaces/events, such as blockdev_add/del, netdev_add/del,
object_add/del, etc., but some devices do not have this level of
compartmentalization, namely vfio-pci, and possibly do not lend themselves
well to it.
In the case of vfio-pci, the "backend" cleanup happens as part of
the finalization of the vfio-pci device itself, in particular the
cleanup of the VFIO group FD. Failing to wait for this cleanup can
result in tools like libvirt attempting to rebind the device to
the host while it's still being used by VFIO, which can result in
host crashes or other misbehavior depending on the host driver.
Deferring DEVICE_DEL still affords us the ability to manage backends
explicitly, while also addressing cases like vfio-pci's, so we
implement that approach here.
An alternative proposal involving having VFIO emit a separate event
to denote completion of host-side cleanup was discussed, but the
prevailing opinion seems to be that it is not worth the added
complexity, and leaves the issue open for other Device implementations
to solve in the future.
This patch originally addressed an issue where a DEVICE_DELETED
event could be emitted (in device_unparent()) before a Device's
QemuOpts were cleaned up (in device_finalize()), leading to a
"duplicate ID" error if management attempted to immediately add
a device with the same ID in response to the DEVICE_DELETED event.
An alternative will be implemented in a subsequent patch where we
defer the DEVICE_DELETED event until device_finalize(), which would
also prevent the race, so we revert the original fix in preparation.
Michael Roth [Mon, 16 Oct 2017 22:23:13 +0000 (17:23 -0500)]
qdev: store DeviceState's canonical path to use when unparenting
device_unparent(dev, ...) is called when a device is unparented,
either directly, or as a result of a parent device being
finalized, and handles some final cleanup for the device. Part
of this includes emitting a DEVICE_DELETED QMP event to notify
management, which includes the device's path in the composition
tree as provided by object_get_canonical_path().
object_get_canonical_path() assumes the device is still connected
to the machine/root container, and will assert otherwise, but
in some situations this isn't the case:
If the parent is finalized as a result of object_unparent(), it
will still be attached to the composition tree at the time any
children are unparented as a result of that same call to
object_unparent(). However, in some cases, object_unparent()
will complete without finalizing the parent device, due to
lingering references that won't be released till some time later.
One such example is if the parent has MemoryRegion children (which
take a ref on their parent), who in turn have AddressSpace's (which
take a ref on their regions), since those AddressSpaces get cleaned
up asynchronously by the RCU thread.
In this case qdev:device_unparent() may be called for a child Device
that no longer has a path to the root/machine container, causing
object_get_canonical_path() to assert.
Fix this by storing the canonical path during realize() so the
information will still be available for device_unparent() in such
cases.
Paolo Bonzini [Tue, 17 Oct 2017 18:11:58 +0000 (20:11 +0200)]
qemu-pr-helper: use new libmultipath API
libmultipath has recently changed its API. The new API supports multi-threaded
clients better. Unfortunately there is no backwards-compatibility, so we just
switch to the new one. Running QEMU compiled with the new library on the old
library will likely crash, while doing the opposite will cause QEMU not to
start at all (because udev, get_multipath_config and put_multipath_config
are undefined).
Paolo Bonzini [Tue, 17 Oct 2017 12:16:05 +0000 (14:16 +0200)]
watch_mem_write: implement 8-byte accesses
Aligned 8-byte memory writes by a 64-bit target on a 64-bit host should
always turn into atomic 8-byte writes on the host; however, a write
watchpoint would end up tearing the 8-byte write into two 4-byte
writes in access_with_adjusted_size().
Andrew Baumann [Fri, 13 Oct 2017 18:19:13 +0000 (11:19 -0700)]
notdirty_mem_write: implement 8-byte accesses
Aligned 8-byte memory writes by a 64-bit target on a 64-bit host should
always turn into atomic 8-byte writes on the host, however if we missed
in the softmmu, and the TLB line was marked as not dirty, then we
would end up tearing the 8-byte write into two 4-byte writes in
access_with_adjusted_size().
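Both this commit and the watch_mem_write one above concern the same splitting step, so one added example (my code, not QEMU's) models it for both: a cut-down access_with_adjusted_size() that carves a store into pieces bounded by the region's max access size, with a recording handler standing in for the watchpoint and notdirty write paths. With a 4-byte maximum an aligned 8-byte store becomes two 4-byte stores, which is the tearing both messages describe; raising the maximum to 8 restores a single store. The piece order and the little-endian split are assumptions of the model, not QEMU's exact code.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example (not QEMU code): a cut-down model of how
 * access_with_adjusted_size() splits a memory access into pieces no
 * larger than the region's max_access_size.  Pieces are emitted in
 * little-endian order, lowest address first (an assumption). */

typedef void (*write_piece_fn)(void *opaque, uint64_t addr,
                               uint64_t val, unsigned size);

static unsigned access_with_adjusted_size(uint64_t addr, uint64_t val,
                                          unsigned size,
                                          unsigned min_access_size,
                                          unsigned max_access_size,
                                          write_piece_fn fn, void *opaque)
{
    unsigned access_size = size;
    if (access_size < min_access_size) {
        access_size = min_access_size;
    }
    if (access_size > max_access_size) {
        access_size = max_access_size;
    }
    uint64_t mask = access_size >= 8 ? ~0ULL
                                     : ((1ULL << (access_size * 8)) - 1);
    unsigned pieces = 0;
    for (unsigned i = 0; i < size; i += access_size) {
        fn(opaque, addr + i, (val >> (i * 8)) & mask, access_size);
        pieces++;
    }
    return pieces;
}

/* Stand-in for the watchpoint / notdirty write handler: it records what
 * it was handed so the split can be inspected afterwards. */
struct piece_log {
    unsigned n;
    unsigned sizes[8];
    uint64_t vals[8];
};

static struct piece_log g_log;

static void record_piece(void *opaque, uint64_t addr, uint64_t val,
                         unsigned size)
{
    struct piece_log *pl = opaque;
    (void)addr;
    if (pl->n < 8) {
        pl->sizes[pl->n] = size;
        pl->vals[pl->n] = val;
    }
    pl->n++;
}

/* Issue one aligned 8-byte store through a region that accepts at most
 * max_access_size bytes per piece; returns how many pieces it became. */
unsigned pieces_for_u64_store(unsigned max_access_size)
{
    g_log.n = 0;
    return access_with_adjusted_size(0x1000, 0x1122334455667788ULL, 8,
                                     1, max_access_size,
                                     record_piece, &g_log);
}

/* Value handed to the handler for piece i of the last store. */
uint64_t piece_value(unsigned i)
{
    return i < g_log.n ? g_log.vals[i] : 0;
}

int main(void)
{
    for (unsigned max = 4; max <= 8; max += 4) {
        unsigned n = pieces_for_u64_store(max);
        printf("max_access_size=%u: %u piece(s)\n", max, n);
        for (unsigned i = 0; i < n; i++) {
            printf("  piece %u: size %u value 0x%llx\n", i, g_log.sizes[i],
                   (unsigned long long)piece_value(i));
        }
    }
    return 0;
}
```

The security-relevant point is the window between the two 4-byte pieces: another vCPU reading the same 8 bytes can observe half-old, half-new data, which is exactly what a guest expecting an atomic 64-bit store never has to handle on real hardware.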
It might be confusing for some listener implementations that implement
both, region_add and log_start (e.g. KVM) if we call log_start before an
actual region was added using region_add.
This makes current KVM code trigger an assertion
("kvm_section_update_flags: error finding slot"). So let's just reverse
the order instead of tolerating log_start on yet unknown regions.
The TARGET_MTIOCTOP/TARGET_MTIOCGET/TARGET_MTIOCPOS values
were being defined in terms of host struct types, but
these structures are such that their size might differ
on different hosts. Switch to using a target struct
definition instead.
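To make concrete why the target values must come from a target struct, this added example (my code, not QEMU's) encodes the three mtio requests the way Linux's asm-generic ioctl macros do, with the argument size supplied per target ABI. The field lists for struct mtop, mtget and mtpos are as I recall them from linux/mtio.h and are an assumption, as are the function names; MTIOCGET and MTIOCPOS contain 'long' fields, so their numbers differ between 32-bit and 64-bit ABIs, while MTIOCTOP does not.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example (not QEMU code): why a TARGET_MTIOC* number must come
 * from a target-sized struct.  Linux's asm-generic ioctl numbers embed
 * sizeof(argument) in bits 16..29, so the same request has different
 * numbers on ABIs whose 'long' differs in size. */

#define IOC_NRBITS    8
#define IOC_TYPEBITS  8
#define IOC_SIZEBITS  14
#define IOC_NRSHIFT   0
#define IOC_TYPESHIFT (IOC_NRSHIFT + IOC_NRBITS)
#define IOC_SIZESHIFT (IOC_TYPESHIFT + IOC_TYPEBITS)
#define IOC_DIRSHIFT  (IOC_SIZESHIFT + IOC_SIZEBITS)

enum { IOC_NONE = 0, IOC_WRITE = 1, IOC_READ = 2 };

uint32_t ioc_encode(unsigned dir, unsigned type, unsigned nr, unsigned size)
{
    return ((uint32_t)dir << IOC_DIRSHIFT) |
           ((uint32_t)size << IOC_SIZESHIFT) |
           ((uint32_t)type << IOC_TYPESHIFT) |
           ((uint32_t)nr << IOC_NRSHIFT);
}

/* Sizes of the mtio argument structs for a target whose 'long' is
 * long_size bytes.  Field lists follow linux/mtio.h as I recall it
 * (an assumption, not something shown on this page):
 *   struct mtop  { short mt_op; int mt_count; }            -> 8 on both ABIs
 *   struct mtget { long x5; int mt_fileno; int mt_blkno; } -> 5*long + 8
 *   struct mtpos { long mt_blkno; }                         -> long
 */
unsigned target_sizeof_mtop(unsigned long_size)
{
    (void)long_size;
    return 8;
}

unsigned target_sizeof_mtget(unsigned long_size)
{
    return 5 * long_size + 2 * 4;
}

unsigned target_sizeof_mtpos(unsigned long_size)
{
    return long_size;
}

/* _IOW('m', 1, struct mtop), _IOR('m', 2, struct mtget),
 * _IOR('m', 3, struct mtpos), evaluated against the target layout. */
uint32_t target_mtioctop(unsigned long_size)
{
    return ioc_encode(IOC_WRITE, 'm', 1, target_sizeof_mtop(long_size));
}

uint32_t target_mtiocget(unsigned long_size)
{
    return ioc_encode(IOC_READ, 'm', 2, target_sizeof_mtget(long_size));
}

uint32_t target_mtiocpos(unsigned long_size)
{
    return ioc_encode(IOC_READ, 'm', 3, target_sizeof_mtpos(long_size));
}

int main(void)
{
    unsigned abis[] = { 4, 8 };
    for (int i = 0; i < 2; i++) {
        printf("long=%u: MTIOCTOP=0x%08x MTIOCGET=0x%08x MTIOCPOS=0x%08x\n",
               abis[i], target_mtioctop(abis[i]), target_mtiocget(abis[i]),
               target_mtiocpos(abis[i]));
    }
    return 0;
}
```

If the number is computed from the host struct instead, a 32-bit guest on a 64-bit host issues a request whose size field does not match the table QEMU built, so the ioctl is not recognised (or, worse, matched against the wrong struct size when copying the argument).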
Peter Maydell [Tue, 17 Oct 2017 14:26:51 +0000 (15:26 +0100)]
Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.11-20171017' into staging
ppc patch queue 2017-10-17
Here's the currently accumulated set of ppc patches for qemu.
* The biggest set here is the ppc parts of Igor Mammedov's cleanups
to cpu model handling
* The above also includes a generic patches which are required as
prerequisites for the ppc parts. They don't seem to have been
merged by Eduardo yet, so I hope they're ok to include here.
* Apart from that it's basically just assorted bug fixes and cleanups
* remotes/dgibson/tags/ppc-for-2.11-20171017: (34 commits)
spapr_cpu_core: rewrite machine type sanity check
spapr_pci: fail gracefully with non-pseries machine types
spapr: Correct RAM size calculation for HPT resizing
ppc: pnv: consolidate type definitions and batch register them
ppc: pnv: drop PnvChipClass::cpu_model field
ppc: pnv: define core types statically
ppc: pnv: drop PnvCoreClass::cpu_oc field
ppc: pnv: normalize core/chip type names
ppc: pnv: use generic cpu_model parsing
ppc: spapr: use generic cpu_model parsing
ppc: move ppc_cpu_lookup_alias() before its first user
ppc: spapr: use cpu model names as tcg defaults instead of aliases
ppc: spapr: register 'host' core type along with the rest of core types
ppc: spapr: use cpu type name directly
ppc: spapr: define core types statically
ppc: move '-cpu foo,compat=xxx' parsing into ppc_cpu_parse_featurestr()
ppc: spapr: replace ppc_cpu_parse_features() with cpu_parse_cpu_model()
ppc: 40p/prep: replace cpu_model with cpu_type
ppc: virtex-ml507: replace cpu_model with cpu_type
ppc: replace cpu_model with cpu_type on ref405ep,taihu boards
...
Peter Maydell [Tue, 17 Oct 2017 10:29:51 +0000 (11:29 +0100)]
Merge remote-tracking branch 'remotes/berrange/tags/pull-qio-2017-10-16-1' into staging
Merge QIO 2017/10/16 v1
# gpg: Signature made Mon 16 Oct 2017 17:10:54 BST
# gpg: using RSA key 0xBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <[email protected]>"
# gpg: aka "Daniel P. Berrange <[email protected]>"
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF
* remotes/berrange/tags/pull-qio-2017-10-16-1:
io: fix mem leak in websock error path
io: add trace points for websocket HTTP protocol headers
io: cope with websock 'Connection' header having multiple values
io: get rid of bounce buffering in websock write path
io: pass a struct iovec into qio_channel_websock_encode
io: get rid of qio_channel_websock_encode helper method
io: simplify websocket ping reply handling
io: monitor encoutput buffer size from websocket GSource
sockets: Handle race condition between binds to the same port
sockets: factor out create_fast_reuse_socket
sockets: factor out a new try_bind() function
Peter Maydell [Tue, 17 Oct 2017 09:44:23 +0000 (10:44 +0100)]
Merge remote-tracking branch 'remotes/gkurz/tags/for-upstream' into staging
This fixes a potential data leak to the guest.
# gpg: Signature made Mon 16 Oct 2017 16:08:25 BST
# gpg: using DSA key 0x02FC3AEB0101DBC2
# gpg: Good signature from "Greg Kurz <[email protected]>"
# gpg: aka "Greg Kurz <[email protected]>"
# gpg: aka "Greg Kurz <[email protected]>"
# gpg: aka "Gregory Kurz (Groug) <[email protected]>"
# gpg: aka "[jpeg image of size 3330]"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 2BD4 3B44 535E C0A7 9894 DBA2 02FC 3AEB 0101 DBC2
* remotes/gkurz/tags/for-upstream:
9pfs: use g_malloc0 to allocate space for xattr
* remotes/kraxel/tags/ui-20171016-pull-request:
gtk: fix wrong id between texture and framebuffer
ui/gtk: Fix deprecation of vte_terminal_copy_clipboard
pc-bios/keymaps: keymaps update
Add pc-bios/keymaps/Makefile
tools: add qemu-keymap
ui: don't export qemu_input_event_new_key
ui: convert key events to QKeyCodes immediately
ui: convert common input code to keycodemapdb
ui: add keycodemapdb repository as a GIT submodule
docker: don't rely on submodules existing in the main checkout
build: automatically handle GIT submodule checkout for dtc
Gerd Hoffmann [Tue, 10 Oct 2017 13:54:49 +0000 (15:54 +0200)]
opengl: move shader init from console-gl.c to shader.c
With the upcoming dmabuf support in qemu there will be more users of the
shaders than just console-gl.c. So rename ConsoleGLState to
QemuGLShader, rename some functions too, move code from console-gl.c to
shaders.c.
Gerd Hoffmann [Tue, 10 Oct 2017 13:54:48 +0000 (15:54 +0200)]
console: add support for dmabufs
This patch adds support for dma-bufs to the qemu console interfaces.
It adds a new "struct QemuDmaBuf" to represent a dmabuf with associated
metadata (size, format). It adds three functions (and
DisplayChangeListenerOps operations) to set a dma-buf as display
scanout, as cursor and to release a dmabuf.
Gerd Hoffmann [Tue, 10 Oct 2017 14:13:22 +0000 (16:13 +0200)]
vga: handle cirrus vbe mode wraparounds.
Commit "3d90c62548 vga: stop passing pointers to vga_draw_line*
functions" is incomplete. It doesn't handle the case that the vga
rendering code tries to create a shared surface, i.e. a pixman image
backed by vga video memory. That can not work in case the guest display
wraps from end of video memory to the start. So force shadowing in that
case. Also adjust the snapshot region calculation.
This can trigger with cirrus only; when programming vbe modes using the bochs
api (stdvga, also qxl and virtio-vga in vga compat mode) wraparounds
can't happen.
Greg Kurz [Thu, 12 Oct 2017 16:30:14 +0000 (18:30 +0200)]
spapr_pci: fail gracefully with non-pseries machine types
QEMU currently crashes when the user tries to add an spapr-pci-host-bridge
on a non-pseries machine:
$ qemu-system-ppc64 -M ppce500 -device spapr-pci-host-bridge,index=1
hw/ppc/spapr_pci.c:1535:spapr_phb_realize:
Object 0x1003dacae60 is not an instance of type spapr-machine
Aborted (core dumped)
The same thing happens with the deprecated but still available child type
spapr-pci-vfio-host-bridge.
Fix both by checking the machine type with object_dynamic_cast().
David Gibson [Tue, 10 Oct 2017 13:16:57 +0000 (00:16 +1100)]
spapr: Correct RAM size calculation for HPT resizing
In order to prevent the guest from forcing the allocation of large amounts
of qemu memory (or host kernel memory, in the case of KVM HV), we limit
the size of Hashed Page Table (HPT) it is allowed to allocated, based on
its RAM size.
However, the current calculation is not correct: it only adds up the size
of plugged memory, ignoring the base memory size. This patch corrects it.
While we're there, use get_plugged_memory_size() instead of directly
calling pc_existing_dimms_capacity(). The only difference is that it
will abort on failure, which is right: a failure here indicates something
wrong within qemu.
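The calculation the commit corrects, as an added example (my code, not QEMU's): the recommended HPT shift is derived from the RAM size, and the bound on guest resize requests is taken from that, so feeding in only the plugged memory held a guest with plain base RAM to the architected minimum. The 1/128 rule and the 2^18 minimum follow spapr_hpt_shift_for_ramsize() as I recall it and are assumptions; the function names and the exact slack QEMU allows above the recommendation are not from this page.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example (not QEMU code): the RAM-derived bound on the HPT a
 * guest may ask for, with the buggy and the corrected input.  Sizing
 * rule assumed: 1/128 of RAM rounded up to a power of two, never below
 * 2^18 (the architected minimum). */

#define HPT_MIN_SHIFT 18   /* 256 KiB */

/* Recommended HPT size as a power-of-two shift for a given RAM size. */
unsigned hpt_shift_for_ramsize(uint64_t ramsize)
{
    uint64_t target = ramsize / 128;
    unsigned shift = 0;
    while (shift < 63 && (1ULL << shift) < target) {  /* pow2ceil */
        shift++;
    }
    return shift < HPT_MIN_SHIFT ? HPT_MIN_SHIFT : shift;
}

/* Before the fix: only hot-plugged DIMMs were counted, so a guest with
 * nothing plugged was held to the minimum regardless of base RAM. */
unsigned hpt_limit_shift_buggy(uint64_t base_ram, uint64_t plugged_ram)
{
    (void)base_ram;
    return hpt_shift_for_ramsize(plugged_ram);
}

/* After the fix: base RAM plus plugged RAM. */
unsigned hpt_limit_shift_fixed(uint64_t base_ram, uint64_t plugged_ram)
{
    return hpt_shift_for_ramsize(base_ram + plugged_ram);
}

/* 1 if a resize request to 2^shift bytes stays within the bound.  This
 * is the guest-facing check: anything above it is refused so the guest
 * cannot make the host allocate arbitrarily large hash tables. */
int hpt_resize_allowed(unsigned shift, uint64_t base_ram, uint64_t plugged_ram)
{
    return shift <= hpt_limit_shift_fixed(base_ram, plugged_ram);
}

int main(void)
{
    uint64_t base = 4ULL << 30, plugged = 1ULL << 30;
    printf("base 4 GiB, plugged 0:     buggy limit 2^%u, fixed limit 2^%u\n",
           hpt_limit_shift_buggy(base, 0), hpt_limit_shift_fixed(base, 0));
    printf("base 4 GiB, plugged 1 GiB: buggy limit 2^%u, fixed limit 2^%u\n",
           hpt_limit_shift_buggy(base, plugged),
           hpt_limit_shift_fixed(base, plugged));
    return 0;
}
```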
Igor Mammedov [Mon, 9 Oct 2017 19:51:09 +0000 (21:51 +0200)]
ppc: pnv: define core types statically
pnv core type definition doesn't have any fields that
require it to be defined at runtime. So replace code
that fills in TypeInfo at runtime with static TypeInfo
array that does the same at compile time.
Igor Mammedov [Mon, 9 Oct 2017 19:51:08 +0000 (21:51 +0200)]
ppc: pnv: drop PnvCoreClass::cpu_oc field
deduce cpu type directly from core type instead of
maintaining type mapping in PnvCoreClass::cpu_oc and doing
extra cpu_model parsing in pnv_core_class_init()
Igor Mammedov [Mon, 9 Oct 2017 19:51:06 +0000 (21:51 +0200)]
ppc: pnv: use generic cpu_model parsing
use common cpu_model parsing in vl.c and set default cpu_model
using generic MachineClass::default_cpu_type.
Besides switching to generic infrastructure it solves several
issues.
* ppc_cpu_class_by_name() is used to deal with lower/upper case
and alias translations into actual cpu type, which fixes
'-M powernv -cpu power8' and '-M powernv -cpu power9_v1.0'
usecases which error out with:
'invalid CPU model 'FOO' for powernv machine'
* allows switching to lower-case typenames in pnv chip/core names
(by convention typenames should be lower-case)
* replace aliased names /power8, power9, .../ with exact cpu model
names (i.e. typenames should be stable but aliases might decide to
point to another cpu model within the family or be changed by kvm). It will
also help to simplify pnv_chip/core code and get rid of the dependency
on cpu_model parsing.
Igor Mammedov [Mon, 9 Oct 2017 19:51:05 +0000 (21:51 +0200)]
ppc: spapr: use generic cpu_model parsing
use generic cpu_model parsing introduced by
(6063d4c0f vl.c: convert cpu_model to cpu type and set of global properties before machine_init())
it allows us to:
* replace sPAPRMachineClass::tcg_default_cpu with
MachineClass::default_cpu_type
* drop cpu_parse_cpu_model() from hw/ppc/spapr.c and reuse
one in vl.c
* simplify spapr_get_cpu_core_type() by removing the
no longer needed recursion, since alias look up
happens earlier in vl.c and spapr_get_cpu_core_type()
works only with the cpu type resulting from that.
* spapr no longer needs to parse/depend on the being-phased-out
MachineState::cpu_model; all that parsing is done by generic
code and the target specific callback.
Igor Mammedov [Mon, 9 Oct 2017 19:51:04 +0000 (21:51 +0200)]
ppc: move ppc_cpu_lookup_alias() before its first user
next commit will drop ppc_cpu_lookup_alias() declaration from header
and make it static which will break its last user ppc_cpu_class_by_name()
since ppc_cpu_class_by_name() defined before ppc_cpu_lookup_alias().
To avoid this move ppc_cpu_lookup_alias() right before
ppc_cpu_class_by_name().
Igor Mammedov [Mon, 9 Oct 2017 19:51:00 +0000 (21:51 +0200)]
ppc: spapr: define core types statically
spapr core type definition doesn't have any fields that
require it to be defined at runtime. So replace code
that fills in TypeInfo at runtime with static TypeInfo
array that does the same at compile time.
Igor Mammedov [Mon, 9 Oct 2017 19:50:59 +0000 (21:50 +0200)]
ppc: move '-cpu foo,compat=xxx' parsing into ppc_cpu_parse_featurestr()
there is a dedicated callback CPUClass::parse_features
which purpose is to convert -cpu features into a set of
global properties AND deal with compat/legacy features
that couldn't be directly translated into CPU's properties.
Create ppc variant of it (ppc_cpu_parse_featurestr) and
move 'compat=val' handling from spapr_cpu_core.c into it.
That removes a dependency of board/core code on cpu_model
parsing and would allow reusing the common -cpu parsing
introduced by 6063d4c0
Set "max-cpu-compat" property only if it exists, in practice
it should limit 'compat' hack to spapr machine and allow
to avoid including machine/spapr headers in target/ppc/cpu.c
    for (i = 0; i < ARRAY_SIZE(type_infos); i++) {
        type_register_static(&type_infos[i]);
    }
}
type_init(foo_register_types)
with a single line
DEFINE_TYPES(type_infos)
where types have static definition which could be consolidated in
a single array of TypeInfo structures.
It saves us ~6-10LOC per use case and would help to replace
imperative foo_register_types() there with declarative style of
type registration.
hw/ppc/spapr.c: abort unplug_request if previous unplug isn't done
LMB removal is completed only when the spapr_lmb_release callback
is called after all DRCs of the dimm are detached. During this
time, it is possible that an unplug request for the same dimm
arrives, trying to detach DRCs that were detached by the guest
in the first unplug_request.
BQL doesn't help in this case - the lock will prevent any concurrent
removal from happening until the end of spapr_memory_unplug_request
only. What happens is that the second unplug_request ends up calling
spapr_drc_detach on a DRC that was detached already, causing an
assert error in spapr_drc_detach (e.g.
https://bugs.launchpad.net/qemu/+bug/1718118).
spapr_lmb_release uses a structure called sPAPRDIMMState, stored in the
spapr->pending_dimm_unplugs QTAIL, to track how many LMB DRCs are left
to be detached by the guest. When there are no more DRCs left, this
structure is deleted and the pc-dimm unplug handler is called to
finish the process.
This patch reuses the sPAPRDIMMState to allow unplug_request to know
if there is an ongoing unplug process for a given dimm, aborting the
unplug request in this case, by doing the following changes:
- in spapr_lmb_release callback, move the dimm state removal to the
end, after pc-dimm unplug handler. With this change we can check for
the existence of the dimm state to see if the unplug process is
done.
- use spapr_pending_dimm_unplugs_find in spapr_memory_unplug_request
to check if the dimm state exists. If positive, there is an unplug
operation already in progress for this dimm, meaning that we should
abort it and warn the user about it.
Fixes: https://bugs.launchpad.net/qemu/+bug/1718118
Signed-off-by: Daniel Henrique Barboza <[email protected]>
Signed-off-by: David Gibson <[email protected]>
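A small model of the bookkeeping described above, as an added example (my code, not QEMU's): a pending-unplug table keyed by dimm id, an unplug request that refuses to start while an entry for that dimm exists, and a per-LMB release callback that removes the entry only after the pc-dimm unplug step. The function and type names are mine, and the DRC detach and pc-dimm unplug actions are replaced by counters so the double-detach the bug report describes shows up as a count rather than an assertion.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not QEMU code): a model of the pending-unplug
 * bookkeeping.  Names are mine; the DRC detach and pc-dimm unplug steps
 * are stand-ins that only count calls. */

#define MAX_PENDING 8

typedef struct {
    char id[32];
    unsigned lmbs_left;     /* LMB DRCs the guest still has to release */
    int in_use;
} DimmState;

static DimmState pending[MAX_PENDING];
static unsigned drc_detach_calls;
static unsigned dimm_unplug_calls;

static DimmState *pending_unplug_find(const char *id)
{
    for (int i = 0; i < MAX_PENDING; i++) {
        if (pending[i].in_use && strcmp(pending[i].id, id) == 0) {
            return &pending[i];
        }
    }
    return NULL;
}

static DimmState *pending_unplug_add(const char *id, unsigned nr_lmbs)
{
    for (int i = 0; i < MAX_PENDING; i++) {
        if (!pending[i].in_use) {
            snprintf(pending[i].id, sizeof(pending[i].id), "%s", id);
            pending[i].lmbs_left = nr_lmbs;
            pending[i].in_use = 1;
            return &pending[i];
        }
    }
    return NULL;
}

/* Stand-in for spapr_memory_unplug_request().  Returns 0 when the
 * request was issued, -1 when an unplug for this dimm is still in
 * flight (the fixed behaviour: warn and abort instead of detaching the
 * same DRCs twice), -2 when the table is full. */
int memory_unplug_request(const char *id, unsigned nr_lmbs)
{
    if (pending_unplug_find(id)) {
        fprintf(stderr, "unplug of %s already in progress\n", id);
        return -1;
    }
    if (!pending_unplug_add(id, nr_lmbs)) {
        return -2;
    }
    for (unsigned i = 0; i < nr_lmbs; i++) {
        drc_detach_calls++;     /* spapr_drc_detach() stand-in */
    }
    return 0;
}

/* Stand-in for the spapr_lmb_release() callback, run once per LMB DRC
 * the guest gives back.  The dimm state is dropped only after the
 * pc-dimm unplug step, which is what lets the request path see an
 * unfinished unplug. */
void lmb_release(const char *id)
{
    DimmState *ds = pending_unplug_find(id);
    if (!ds || ds->lmbs_left == 0) {
        return;
    }
    if (--ds->lmbs_left == 0) {
        dimm_unplug_calls++;    /* pc-dimm unplug handler stand-in */
        ds->in_use = 0;         /* removed last, after the unplug step */
    }
}

int unplug_in_progress(const char *id)
{
    return pending_unplug_find(id) != NULL;
}

unsigned drc_detach_count(void) { return drc_detach_calls; }
unsigned dimm_unplug_count(void) { return dimm_unplug_calls; }

int main(void)
{
    printf("first request: %d\n", memory_unplug_request("dimm0", 4));
    printf("second request while pending: %d\n", memory_unplug_request("dimm0", 4));
    for (int i = 0; i < 4; i++) {
        lmb_release("dimm0");
    }
    printf("still pending after 4 releases: %d\n", unplug_in_progress("dimm0"));
    printf("request after completion: %d\n", memory_unplug_request("dimm0", 4));
    return 0;
}
```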
Sandipan Das [Fri, 6 Oct 2017 06:42:44 +0000 (12:12 +0530)]
target/ppc: Fix carry flag setting for shift algebraic instructions
For POWER ISA v3.0, the XER bit CA32 needs to be set by the shift
right algebraic instructions whenever the CA bit is to be set. This
change affects the following instructions:
* Shift Right Algebraic Word (sraw[.])
* Shift Right Algebraic Word Immediate (srawi[.])
* Shift Right Algebraic Doubleword (srad[.])
* Shift Right Algebraic Doubleword Immediate (sradi[.])
David Gibson [Fri, 6 Oct 2017 11:21:18 +0000 (22:21 +1100)]
target/ppc: Add POWER9 DD2.0 model information
At the moment the only POWER9 model which is listed in qemu is v1.0 (aka
"DD1"). This is a very early (read, buggy) version which will never be
released to the public - it was included in qemu only for the convenience
of those doing bringup on the early silicon. For bonus points, we actually
had its PVR incorrect in the table (0x004e0000 instead of 0x004e0100). We
also never actually implemented the differences in behaviour (read, bugs)
that marked DD1 in qemu.
Now that we know the PVR for the substantially better v2.0 (DD2) chip,
include it and make it the default POWER9 in qemu. For the time being we
leave the DD1 definition in place for the poor souls (read, me) who still
need to work with DD1 hardware.
Greg Kurz [Wed, 4 Oct 2017 09:02:31 +0000 (11:02 +0200)]
spapr: sanity check size of the CAS buffer
The CAS buffer is provided by SLOF. A broken SLOF could pass a silly
size: either smaller than the diff header, in which case the current
code will try to allocate 16 Exabytes of memory and g_malloc0() will
abort, or bigger than the maximum memory provisioned for SLOF (ie,
40 Megabytes), which doesn't make sense. Both cases indicate that
SLOF has a bug.
Let's print out an explicit error message and exit since rebooting as
we do with other errors would only result in a reset loop.
Signed-off-by: Greg Kurz <[email protected]>
[dwg: Fix format specifier that broke 32-bit builds]
Signed-off-by: David Gibson <[email protected]>
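The two failure modes the message describes, as an added example (my code, not QEMU's): an unsigned size smaller than the header wraps around when the header is subtracted, which is where the 16 Exabyte allocation comes from, and a size above what SLOF can have been given makes no sense either. The header struct, the 40 MiB cap constant and the function names are stand-ins based on the commit message, not QEMU's definitions.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example (not QEMU code): the unsigned underflow behind the
 * "16 Exabytes" allocation and the sanity check that prevents it.  The
 * header type and the cap are stand-ins taken from the commit message. */

typedef uint64_t target_ulong;            /* 64-bit ppc64 guest assumed */

typedef struct {
    uint32_t version_id;                  /* placeholder diff header */
} CasDiffHeader;

#define CAS_BUFFER_MAX ((target_ulong)40 << 20)   /* 40 MiB, per the message */

/* What the unchecked code computed: size minus the header, even when
 * size is smaller than the header.  With size == 2 this wraps to
 * 0xFFFFFFFFFFFFFFFE, which g_malloc0() cannot satisfy and aborts on. */
target_ulong cas_payload_size_unchecked(target_ulong size)
{
    return size - sizeof(CasDiffHeader);
}

/* Checked version.  Returns 0 and stores the payload size, -1 when the
 * buffer is smaller than the header, -2 when it exceeds the cap.  Either
 * non-zero result indicates a broken SLOF and is a reason to exit
 * rather than reboot into a reset loop. */
int cas_payload_size_checked(target_ulong size, target_ulong *payload)
{
    if (size < sizeof(CasDiffHeader)) {
        return -1;
    }
    if (size > CAS_BUFFER_MAX) {
        return -2;
    }
    *payload = size - sizeof(CasDiffHeader);
    return 0;
}

/* Verdict only, for callers that just want to know whether to bail out. */
int cas_buffer_verdict(target_ulong size)
{
    target_ulong payload;
    return cas_payload_size_checked(size, &payload);
}

int main(void)
{
    target_ulong sizes[] = { 2, 4, 4096, (target_ulong)41 << 20 };
    for (int i = 0; i < 4; i++) {
        target_ulong payload = 0;
        int rc = cas_payload_size_checked(sizes[i], &payload);
        printf("size=%llu: unchecked payload=%llu, checked rc=%d payload=%llu\n",
               (unsigned long long)sizes[i],
               (unsigned long long)cas_payload_size_unchecked(sizes[i]),
               rc, (unsigned long long)payload);
    }
    return 0;
}
```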
Thomas Huth [Tue, 3 Oct 2017 10:14:04 +0000 (12:14 +0200)]
target/ppc: Remove unused PPC 460 and 460F definitions
We don't have any 460 or 460F CPUs in QEMU, so the init functions
are just dead code. Let's simply remove them (translate_init.c
is already big enough without them).
filter-mirror: segfault when specifying non existent device
When using filter-mirror like the example below where the interface
'ndev0' does not exist on the host, QEMU crashes into segmentation
fault.
$ qemu-system-x86_64 -S -machine pc -netdev user,id=ndev0 -object filter-mirror,id=test-object,netdev=ndev0
This happens because the function filter_mirror_setup() does not check
whether the device actually exists and keeps on processing, calling
qemu_chr_find(). This patch fixes this issue.
Peter Maydell [Thu, 12 Oct 2017 13:17:47 +0000 (14:17 +0100)]
include/hw/or-irq.h: Drop unused in_irqs field
The struct OrIRQState has an unused member field in_irqs.
This is a legacy of earlier versions of the patch; the
code that used it was dropped from the final version of
the code that went into master, but we forgot to delete
the no-longer-used struct field. Do so now.
Comments explaining why we include a header tend to go bad. This
one's almost comical: not only doesn't qemu-options.hx use
MAP_POPULATE anymore (since commit ef36fa1, v2.0.0, 2013), even the
include it applies to got moved away in commit 02d0e09 (v2.7.0).
* remotes/huth/tags/pull-request-2017-10-16:
default-configs: Enable CONFIG_VMXNET3_PCI only on x86
tests/prom-env: Bump the timeout, and test pseries only in slow mode
tests: use g_new() family of functions
M68K: use g_new() family of functions
hw/m68k: Replace fprintf(stderr, "*\n" with error_report()
Peter Maydell [Mon, 16 Oct 2017 16:29:16 +0000 (17:29 +0100)]
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
pc, pci, virtio: fixes, features
A bunch of fixes all over the place.
A new vmcore device - the user interface around it is still somewhat
controversial, but I feel most of the code is fine, suggestions can be
addressed by adding patches on top.
Signed-off-by: Michael S. Tsirkin <[email protected]>
# gpg: Signature made Sun 15 Oct 2017 04:02:23 BST
# gpg: using RSA key 0x281F0DB8D28D5469
# gpg: Good signature from "Michael S. Tsirkin <[email protected]>"
# gpg: aka "Michael S. Tsirkin <[email protected]>"
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* remotes/mst/tags/for_upstream: (26 commits)
tests/pxe: Test more NICs when running in SPEED=slow mode
pc: remove useless hot_add_cpu initialisation
isapc: Remove unnecessary migration compatibility code
virtio-pci: Replace modern_as with direct access to modern_bar
virtio: fix descriptor counting in virtqueue_pop
hw/gen_pcie_root_port: make IO RO 0 on IO disabled
pci: Validate interfaces on base_class_init
xen/pt: Mark TYPE_XEN_PT_DEVICE as hybrid
pci: Add INTERFACE_CONVENTIONAL_PCI_DEVICE to Conventional PCI devices
pci: Add INTERFACE_PCIE_DEVICE to all PCIe devices
pci: Add interface names to hybrid PCI devices
pci: conventional-pci-device and pci-express-device interfaces
PCI: PCIe access should always be little endian
virtio/pci/migration: Convert to VMState
hw/pci-bridge/pcie_pci_bridge: properly handle MSI unavailability case
pci: allow 32-bit PCI IO accesses to pass through the PCI bridge
virtio/vhost: reset dev->log after syncing
MAINTAINERS: add Dump maintainers
scripts/dump-guest-memory.py: add vmcoreinfo
kdump: set vmcoreinfo location
...
Paolo Bonzini [Wed, 22 Mar 2017 10:57:10 +0000 (11:57 +0100)]
target/i386: trap on instructions longer than >15 bytes
Besides being more correct, arbitrarily long instructions allow the
generation of a translation block that spans three pages. This
confuses the generator and even allows ring 3 code to poison the
translation block cache and inject code into other processes that are
in guest ring 3.
This is an improved (and more invasive) fix for commit 30663fd ("tcg/i386:
Check the size of instruction being translated", 2017-03-24). In addition
to being more precise (and generating the right exception, which is #GP
rather than #UD), it distinguishes better between page faults and too long
instructions, as shown by this test case:
Peter Maydell [Thu, 12 Oct 2017 12:59:41 +0000 (13:59 +0100)]
docs/devel/loads-stores.rst: Document our various load and store APIs
QEMU has a wide selection of different functions for doing
loads and stores; provide some overview documentation of
what they do and how to pick which one to use.
Paolo Bonzini [Tue, 10 Oct 2017 15:14:44 +0000 (17:14 +0200)]
nios2: define tcg_env
This should be done by all targets and, since commit 53f6672bcf
("gen-icount: use tcg_ctx.tcg_env instead of cpu_env", 2017-06-30),
is causing the NIOS2 target to hang.
This is because the test for "should I exit to the main loop"
was being done with the correct offset to the icount decrementer,
but using TCG temporary 0 (the frame pointer) rather than the
env pointer.
Paolo Bonzini [Fri, 14 Jul 2017 09:51:41 +0000 (11:51 +0200)]
build: remove CONFIG_LIBDECNUMBER
It is used by all PPC targets; we can give the directory its own
Makefile.objs file, and include it directly from target/ppc.
target/s390 can do the same when it starts using it.
io: cope with websock 'Connection' header having multiple values
The noVNC server sends a header "Connection: keep-alive, Upgrade" which
fails our simple equality test. Split the header on ',', trim whitespace
and then check for 'upgrade' token.
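The token-list check described above, as an added C example that is not QEMU's own code: the old whole-value comparison fails on "keep-alive, Upgrade", while splitting on ',' and trimming each element finds the token regardless of position or case.

```c
#include <ctype.h>
#include <stdbool.h>
#include <string.h>
#include <strings.h>

/* Old behaviour: a simple equality test against the whole header value. */
static bool old_connection_check(const char *value)
{
    return strcasecmp(value, "upgrade") == 0;
}

/* New behaviour: true if the comma-separated header value contains
 * 'token' as one of its elements (case-insensitive, whitespace trimmed).
 * A partial match such as "Upgraded" is not accepted. */
static bool header_has_token(const char *value, const char *token)
{
    size_t tlen = strlen(token);
    const char *p = value;

    while (*p) {
        /* Locate the end of the current element. */
        const char *end = strchr(p, ',');
        const char *s = p;
        const char *e = end ? end : p + strlen(p);

        /* Trim leading and trailing whitespace. */
        while (s < e && isspace((unsigned char)*s)) s++;
        while (e > s && isspace((unsigned char)e[-1])) e--;

        if ((size_t)(e - s) == tlen && strncasecmp(s, token, tlen) == 0) {
            return true;
        }
        if (!end) {
            break;
        }
        p = end + 1;
    }
    return false;
}
```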